Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Destaque
Destaque (19)
Semelhante a Snort ppt
Semelhante a Snort ppt (20)
Último
Último (20)
Snort ppt
- 2. • Snort is an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) • Snort can be used to block malware, and other intrusions on your computer. • Snort, although initially programmed for Linux and other Command Line Interface (CLI) systems, can be configured to run on Windows. • Before configuring Snort to run on Windows, your system is required to have WinPCap and Barnyard installed.
- 3. • Before you can install Snort, your system is require to have WinPCap 4.1.1 or newer. • Open up a your web browser and go to your preferred search engine. • Once there search for WinPCap and download the latest version. • In this case the latest version is 4.1.3. • After the download run the installer and go through the program setup like you would normally.
- 4. • Other than WinPCap the only other system requirement for installing Snort is Barnyard. • So, again, open up your browser and go to your search preferred search engine. • Once there search for a Barnyard download for Windows, this may be a little difficult to find so make sure your include which OS you are using in the search. • Once you find it, download it and run the installer. • Once the installer is running, go through the program setup like you normally would.
- 5. • First we need to find the program that we need to install. • So we open our web browser and go to any search engine. • Search for Snort and open the result link to the program website. • Once on the site go to the download section of the site.
- 6. • There are multiple sections with download links. • The one we are going to download from is the Binaries section. • Under the Binaries list there are multiple download links. • We are looking for the Installer with the right file type to run on our OS. • We are using Windows, so we are going to use the executable (.exe) file. • Download the file and run through the set up process. • If you are using Internet Explorer, you may have to save the file and rename it as an .exe file.
- 7. • Now to download the your Snort rules, and get the program configuration started. • On the Snort site, click the get rules button and it will take you to the rules download page. • Here you are going to download the rules file that either matches or is closest to the version of Snort that you have downloaded. • Once downloaded extract the files to your Snort folder.
- 8. • Now we need to consult the documentation to configure Snort, which you can find on the Snort site, or if you prefer on just about any search engine. • Once you open your Snort documentation, read through and follow the instruction in order to configure your Snort program.
- 9. • The documentation is telling you to open the .conf file and edit certain lines in it. • To do this find the file in your etc folder in your Snort folder. • Right-click the program and open it with WordPad. • In the .conf file you are going to search for the lines that you are instructed to change . • Once you find them, make the necessary changes. • Be sure to double check your changes before you save and close the file.
- 10. • In Fig. 1 you are being asked to run commands in your Command Prompt, so open up your Command Prompt by opening your Start menu and searching “cmd”. • Run the first command that is asks you to, and your screen should look like figure 2, and from this you are going to find your interface number. • Fig. 1 then asks you to run a second command in which “X” is to be replaced with your interface number, so if done correctly, you should get a long stream of data like in Fig. 3. Fig. 1 Fig. 2 Fig. 3
- 11. • You are now asked to open a new Command Prompt window and run the command “ping google.com”. • If it is done correctly you should end up with two Command Prompt windows that look like the two above.
- 12. • The documentation now instructs you to close the previous two Command Prompt windows and open a new one. • Run the new command in your new Command Prompt window, and if no errors occur you window should look like the second figure. • If an error does occur, you will then need to open your .conf file in WordPad again, and make correction to the appropriate lines, until running the command gives you a screen similar to the one displayed in the second figure. • You can identify the necessary line by looking for the number within the <> in the error message.